Section 3

  • Virtual Private Dial-up Network - illustrated

  • Section 3 - Tunnel/2 Setup Cookbook

      Quickest Setup Possible

    • Preparing the Tunnel Master

      1. Set up the PASSWORD.TXT file in the Tunnel Master 'root' directory (the directory that holds tm.exe, not a subdirectory)
      2. Run TM with default values: tm.exe

    • Preparing the Tunnel Slave

      1. Connect the InJoy dialer to the Internet with its /D command line option
      2. Copy 'CONNECT.TXT' from the InJoy directory to the Slave's directory
      3. Run TS: ts.exe /M:masterIPaddr /S:password /F   (masterIPaddr is the Master's IP address; password must be one of the entries in the Master's PASSWORD.TXT)

      Step-by-Step Setup

    • Preparing the Tunnel Master

      This is a step-by-step introduction to what needs to be done on the OS/2 master PC for the Tunnel Master to function. We assume that you have a clean OS/2 PC with TCP/IP installed and configured. Before starting, let us make it clear that you can simply start the Tunnel Master and it will work, but you may not want to keep the default values for the more critical parts, such as the password file:

      1. Enable IP-forwarding.

        Because the Tunnel interface needs to pass data between several interfaces on the TCP/IP stack, IP forwarding must be enabled for proper function. This is done with the command

          'ipgate on' (usually found in \mptn\bin\setup.cmd).

      2. Connect to the Internet.

        A connection to the Internet is needed for the Tunnel to function, so you may want to make the dial-up connection step 1 of your automated Tunnel startup. With a leased line to the Internet, this step is not needed.

      3. Set up the password file.

        Valid Slave passwords are stored in the 'PASSWORD.TXT' file. The password file must be located in the Tunnel Master directory itself (not in a subdirectory). A more thorough description is given in the section Tunnel security, above.

      4. Select IP address space.

        The Tunnel Master represents one or more remote computers in your LAN. The IP address and subnet mask assigned to the Tunnel Master define which packets are routed into the Tunnel-driven Virtual Private Network.

        Read more in the above section: Addressing.

      5. Firewall changes.

        The Tunnel Master works with any firewall; the only change needed is to allow incoming traffic to the TCP port you choose for the Tunnel Master. The default TCP listen port is 1111. Where the Slaves connect from known addresses, limit the rule to those source addresses instead of opening the port to the whole Internet.

        Some firewalls close TCP connections that have been idle for a number of minutes. That idle time-out must be turned off for the Tunnel port, or the firewall will tear down the Tunnel connection.

      6. Enable the "bring online" phone call to Slaves.

        See how in the Dialer and Dial-On-Demand section. Skip this step if you don't want the Tunnel Master to dial the remote Slaves.

      7. Start the Tunnel Master.

        The Tunnel Master should now be ready to do its job of integrating the remote Slaves into your LAN securely.

        Be aware that the Tunnel Master changes the appearance of your TCP/IP configuration. Each remote node gets a proxy ARP entry, which tells your router and the rest of the network that the remote Slave IP addresses are reachable via the Tunnel Master PC.

        Issuing 'netstat -r' will also show the new interface 'head0' added to the TCP/IP stack. This interface receives the IP packets destined for the remote Slaves.

    • Preparing the Tunnel Slave

      This is a step-by-step introduction to what needs to be done on the OS/2 slave PC for the Tunnel Slave to function. We assume that you have a clean OS/2 PC with TCP/IP installed and configured:

      1. Enable IP-forwarding.

        Because the Tunnel interface needs to pass data over several interfaces on the TCP/IP stack, IP forwarding must be enabled for proper function. This is done with the command

          'ipgate on' (usually found in \mptn\bin\setup.cmd).

      2. Make sure there is no default route.

        Do this by issuing the command 'netstat -r' and examining the output for any route whose destination is "default". Without a default route, packets for destinations that are not explicitly routed (such as your corporate LAN while the Tunnel is down) are discarded instead of being sent out to the ISP gateway.

        An existing default route is deleted with the command:

          'route delete default router_IP_address'.

        You can also use the configuration utility 'TCPCFG.EXE' to re-configure your route-table.

      3. Launch and connect the Internet dialer.

        This step assumes that you use Dial-Up for your Tunnel. If that is not the case, use this step to verify that you do have the connection you intend to use. Keep in mind that you have just deleted the default route.

        When the Internet dialer is connected, check again that you do not have a default route, since most dialers install one at connect time. If you use InJoy as your Internet dialer, the /D option skips the creation of the default route.

        If your Internet dialer does not offer a similar switch, remove the default route following the instructions in step 2 above.

      4. Create host route to the name server.

        The Tunnel Slave may need to resolve names and will therefore require a path to a DNS. If your DNS is your ISP's, you can no longer reach it, because the default route no longer exists. Instead, create a host route directly to each name server you wish to use.

        Assuming your DNS is located at 123.145.156.167 and the ISP gateway address is 111.111.111.111, then this command will add the necessary route:

          route add host 123.145.156.167 111.111.111.111 1

        If you use a corporate DNS reached through the Tunnel and you give the address of the Tunnel Master in dotted decimal notation (like 192.168.1.10), the name server route is not needed.

      5. Set up the name server correctly.

        Be sure to set up the 'RESOLV' and 'RESOLV2' files (in the directory named by the ETC environment variable) to match your needs.
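
      The Slave steps above can be driven from a single REXX command file that runs once the Internet dialer reports that it is connected (the role the customer-provided ts_con.cmd plays in the Scripts section below). The script that follows is an example added to this cookbook; it is not one of the distributed scripts and not F/X Communications code. It parses 'netstat -r' to find and delete every default route and confirms that none is left, adds the host route to the DNS via the ISP gateway, checks that a RESOLV file exists, copies CONNECT.TXT and only then launches ts.exe. The directory names (C:\TUNNEL, C:\INJOY), the SLAVE.PWD password file and the assumption that InJoy invokes this file at connect time are made up for the example; the IP addresses are the ones used in the steps above.

```rexx
/* ts_connect.cmd - added example for this cookbook, not one of the
   customer-provided scripts and not part of the Tunnel/2 distribution.
   Run on the OS/2 Slave after the Internet dialer has connected.  It works
   through Slave steps 1-5 above: IP forwarding on, no default route, a host
   route to the DNS, resolver file present, then ts.exe.  Directory names,
   the password file and the connect-time hook are assumptions. */

tunnelDir = 'C:\TUNNEL'              /* assumed Tunnel/2 install directory */
injoyDir  = 'C:\INJOY'               /* assumed InJoy directory            */
masterIP  = '192.168.1.10'           /* Tunnel Master address (cookbook example) */
dnsIP     = '123.145.156.167'        /* DNS address (cookbook example)     */
ispGW     = '111.111.111.111'        /* ISP gateway (cookbook example)     */
pwFile    = tunnelDir'\SLAVE.PWD'    /* assumed one-line file holding the Slave password */

/* Step 1: IP forwarding */
'ipgate on'
if rc <> 0 then call Fail 'ipgate on failed, rc='rc

/* Step 2: delete every default route the dialer or a stale config installed,
   then verify that none is left */
call RemoveDefaultRoutes
if HasDefaultRoute() then call Fail 'a default route is still present'

/* Step 4: host route to the DNS via the ISP gateway (needed because there
   is no default route any more; skip when the DNS sits behind the Tunnel) */
'route add host' dnsIP ispGW '1'
if rc <> 0 then call Fail 'route add host failed, rc='rc

/* Step 5: the resolver files live in the ETC directory of OS/2 TCP/IP */
etc = value('ETC',,'OS2ENVIRONMENT')
if etc = '' then call Fail 'ETC environment variable is not set'
if stream(etc'\RESOLV', 'C', 'QUERY EXISTS') = '' then
   call Fail 'no RESOLV file in' etc

/* Read the Slave password from its own file instead of hard-coding it here */
if stream(pwFile, 'C', 'QUERY EXISTS') = '' then call Fail 'missing' pwFile
password = strip(linein(pwFile))
call stream pwFile, 'C', 'CLOSE'
if password = '' then call Fail pwFile 'is empty'

/* Quickest Setup step 2: CONNECT.TXT from the InJoy directory */
'copy' injoyDir'\CONNECT.TXT' tunnelDir '>nul'
if rc <> 0 then call Fail 'could not copy CONNECT.TXT from' injoyDir

/* Launch the Slave with the switches documented under Quickest Setup */
if directory(tunnelDir) = '' then call Fail 'cannot change to' tunnelDir
'ts.exe /M:'masterIP '/S:'password '/F'
exit rc

/* Gateways of all routes whose destination is "default", as a
   space-separated list, taken from the output of 'netstat -r' */
DefaultGateways: procedure
   q = rxqueue('Create')             /* private queue, so stray lines cannot confuse us */
   oldq = rxqueue('Set', q)
   'netstat -r | rxqueue' q
   list = ''
   do while queued() > 0
      parse pull line
      parse var line dest gw .
      if translate(dest) = 'DEFAULT' then list = list gw
   end
   call rxqueue 'Set', oldq
   call rxqueue 'Delete', q
   return strip(list)

RemoveDefaultRoutes: procedure
   gws = DefaultGateways()
   do while gws <> ''
      parse var gws gw gws
      'route delete default' gw
   end
   return

HasDefaultRoute: procedure
   return DefaultGateways() <> ''

Fail: procedure
   parse arg msg
   say 'ts_connect:' msg
   exit 1
```

      The password still ends up on the ts.exe command line, as the documented /S switch requires, so keep this file and SLAVE.PWD out of shared directories. If your DNS is a corporate one reached through the Tunnel, remove the 'route add host' lines, as described in step 4.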

      Scripts
      Below you will find a set of customer-provided REXX scripts that are used to control the F/X Tunnel/2 behaviour in combination with InJoy and a DNS. A company DNS can be a powerful tool for the automatic configuration of remote sites, and these scripts take some advantage of that approach.

      The scripts are included in the distribution archive and are listed here for your information and reference only. You are welcome to take ideas from them and cut and paste as you like.

      There are no warranties and these scripts are not supported by F/X Communications.

      Scripts

      File Name       Description                                  Comments
      ts_con.cmd      Run at InJoy connect time                    Autostart from InJoy
      ts_discon.cmd   Run at InJoy disconnect time                 Autostart from InJoy
      ts_reset.cmd    Delete all configuration information         User utility
      ts_set.cmd      Run without parameters to show cached info   Can be used to set any cached values
      ts_init.cmd     Initialize the Slave profile                 Called from ts_con.cmd
      ts_dns.cmd      Determine DNS info                           Called from ts_con.cmd
      ts_route.cmd    Dynamic routing table management             Called from ts_con.cmd
      ts_sniff.cmd    Determine master and slave parameters        Called from ts_con.cmd
      ts_launch.cmd   Start tunnel slave                           Called from ts_con.cmd
      ts_tune.cmd     Tune IP interfaces for performance           Called from ts_con.cmd
      ts_aux.cmd      Enable DHCP                                  Called from ts_con.cmd


    Copyright © 1997, 1998 F/X Communications - All Rights Reserved.